VULNERABILITIES - December 20, 2006
by Marianna Schmudlach - 12/20/06 8:14 AM
phpProfiles Multiple File Inclusion Vulnerabilities
SECUNIA ADVISORY ID:
nuffsaid has discovered several vulnerabilities in phpProfiles, which
can be exploited by malicious people to compromise vulnerable
Input passed to the "incpath" parameter in account.inc.php,
admin_newcomm.inc.php, body_admin.inc.php, body.inc.php,
comm_post.inc.php, commrecc.inc.php, do_reg.inc.php, friends.inc.php,
header_admin.inc.php, header.inc.php, index.inc.php, menu_u.inc.php,
menu_v.inc.php and notify.inc.php, the "menu" parameter in
body_admin.inc.php and body.inc.php and the "scriptpath" parameter
with the POST method to remove_pic.inc.php is not properly verified
before being used to include files. This can be exploited to include
arbitrary files from local or external resources. All scripts are
located in the include directory.
The vulnerabilities are confirmed in version 3.1.2. Other versions
may also be affected.
Edit the source code to ensure that input is properly verified.
Use another product.
PROVIDED AND/OR DISCOVERED BY: